1. Firstly, I notice a lot of TCP SYN packets being denied at ports 1080, 3128, 8000, 8080, etc.
2. Also, a lot of attempts at ports 1433, 1434.
3. And finally, some random attempts at 22, 23, 25.

What's interesting is that all the source IPs are random and, in some situations, there is a flag on 2 ports per IP.

These are what I think may be the causes:

1. A simple lookup would reveal the purpose of these ports as the following:
   - 1080 : socks
   - 3128 : squid-http
   - 8000 : http-alt
   - 8080 : http-proxy

   With this, one can easily deduce that many systems over the web are intentionally/unintentionally checking for open proxies on random IP addresses. These may be normal boxes with scripts/programs running that generate random IPs or using old server connection logs. They may also be infected systems with malware performing the same task. This is one of the many ways lists of open proxies surface on underground websites.

2. These are the ports on which Microsoft SQL Server typically listens, and they may well be sought after by full-blown malware looking for newer prey or by automated scans running on a cracker's box.

3. These are usually ports for the typical ssh, telnet and smtp services and are most probably being scanned for vulnerabilities or vulnerable configurations by malware on rooted boxes or automated/active scans running on a cracker's box.
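The grouping above can be applied to a deny log automatically. The following is an added example, not code from the original post: it assumes iptables-LOG-style lines (`SRC=`, `PROTO=`, `DPT=`, `SYN`), and the sample lines are constructed using documentation address ranges.

```python
import re
from collections import defaultdict

# Port groupings as described in the post.
CATEGORIES = {
    "open-proxy probe": {1080, 3128, 8000, 8080},
    "MS SQL Server probe": {1433, 1434},
    "ssh/telnet/smtp probe": {22, 23, 25},
}

# Assumed iptables-LOG-style fields; adapt the pattern to your firewall's format.
LINE_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+) .*?\bSYN\b")

# Constructed sample lines, not real log data.
SAMPLE_LOG = """\
Jan 12 03:14:07 fw kernel: DENY IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=1080 SYN
Jan 12 03:14:08 fw kernel: DENY IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40113 DPT=3128 SYN
Jan 12 03:20:41 fw kernel: DENY IN=eth0 SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=51200 DPT=1433 SYN
Jan 12 03:20:42 fw kernel: DENY IN=eth0 SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=51201 DPT=1434 SYN
Jan 12 03:47:19 fw kernel: DENY IN=eth0 SRC=198.51.100.91 DST=203.0.113.10 PROTO=TCP SPT=33871 DPT=22 SYN
Jan 12 03:52:02 fw kernel: DENY IN=eth0 SRC=192.0.2.200 DST=203.0.113.10 PROTO=TCP SPT=44120 DPT=8080 SYN
Jan 12 03:52:03 fw kernel: DENY IN=eth0 SRC=192.0.2.200 DST=203.0.113.10 PROTO=TCP SPT=44120 DPT=8080 ACK
"""

def classify(port):
    """Map a destination port to one of the post's three groups, else 'other'."""
    for name, ports in CATEGORIES.items():
        if port in ports:
            return name
    return "other"

def summarize(log_text):
    """Return (hits per category, {source IP: sorted distinct ports probed})."""
    per_category = defaultdict(int)
    per_source = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a denied TCP SYN, or an unrecognised format
        port = int(m.group("dpt"))
        per_category[classify(port)] += 1
        per_source[m.group("src")].add(port)
    return dict(per_category), {ip: sorted(p) for ip, p in per_source.items()}

def multi_port_sources(per_source):
    """Sources that were denied on two or more distinct ports."""
    return {ip: ports for ip, ports in per_source.items() if len(ports) >= 2}

if __name__ == "__main__":
    cats, sources = summarize(SAMPLE_LOG)
    print(cats)
    print(multi_port_sources(sources))
```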

It's quite funny to see the intensity of these reports on the logs. Quite a few pop up every hour or so. It is a reminder that just connecting a system to the internet without properly securing it can be pretty fatal. It's a dangerous WWW out there and web safety requires proper measures to be taken before connecting the wire.